By Sachin Yadav, Alok Bhavsar and Nachiketa Sharma
With the advent of various technologies and the increasing sophistication of cyber incidents today, staying on top of cyber threats, let alone ahead of them, can sometimes seem impossible. COVID-19 created new challenges for businesses as they adapted to working from home, which became the ‘new normal’. Today, cybersecurity is a major concern for companies, and a cyber incident can quickly and easily escalate into a business crisis. This may lead to high-profile media attention, financial losses, operational disruption, increased regulatory scrutiny, and/or damage to customer loyalty and investor confidence. Hence, organisations must stay abreast of cyber threats and know how to deal with cyber incidents tactfully, while embracing a proactive approach to help minimise the impact of such incidents.

Instead of a traditional reactive approach, employing a hybrid approach is the need of the hour. A hybrid approach incorporates mechanisms to proactively detect cybersecurity incidents/risks, respond to and remediate them, and reduce the possibility of future recurrences. Such a proactive incident response and readiness plan can help organisations discover and contain threats much earlier, while saving costs.

The Indian Computer Emergency Response Team (CERT-IN), India’s national nodal agency for responding to computer security incidents, has recently come out with a set of directives for service providers, intermediaries, data centres, body corporate, and government organisations to augment and strengthen the country’s cybersecurity efforts. The directive is significant as it stipulates shared responsibilities amongst all shareholders and punitive action for non-compliance. It significantly expands the range of cyber incidents that need to be reported to 20 categories, including defacement of websites, unauthorised access to social media, data breaches and data leaks. Some significant features of the directive include the following:

  1. Synchronise information and communication technologies (ICT) systems’ clocks.
  2. Report cyber incidents to CERT-IN within six hours of noticing the incident or being brought to notice.
  3. Act or provide information or assist CERT-IN, towards possible cybersecurity mitigation actions and enhanced awareness.
  4. Designate a point of contact to interface with CERT-IN.
  5. Enable logs of all ICT systems and maintain them within the Indian jurisdiction for a rolling period of 180 days and share as and when required/directed.
  6. Data centres, Virtual Private Server (VPS) providers, cloud service providers and Virtual Private Network Service (VPN Service) providers need to maintain details of subscribers/customers for five years or longer as mandated by the law (after cancellation or withdrawal).
  7. Virtual asset service providers, virtual asset exchange providers, and custodian wallet providers need to maintain Know Your Customer (KYC) information and records of financial transactions for five years.

A dedicated Cyber Incident Response team for effective pre-emptive and post-incident actions could therefore be extremely advantageous. This team can manage, mitigate, and guide an organisation during such times and ensure all necessary actions and checks are carried out in a compliant manner.

Based on Deloitte’s experience in helping organisations prevent cyberattacks/protect valuable assets, investigate cybersecurity incidents, and support global organisations, here are some best practices that could help organisations prepare for any cyber incident(s):
